Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2258 | 1 Phpmybibli | 1 Phpmybibli | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.8 HIGH | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | |||||
| CVE-2007-2255 | 1 Alexscriptengine | 1 Download-engine | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW. | |||||
| CVE-2007-2205 | 1 Lan Management System | 1 Lan Management System | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. | |||||
| CVE-2007-2207 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | |||||
| CVE-2007-2121 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | |||||
| CVE-2007-2122 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. | |||||
| CVE-2007-2123 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. | |||||
| CVE-2007-2124 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. | |||||
| CVE-2007-2179 | 1 Raiden Professional Servers | 1 Raidenftpd | 2018-10-16 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. | |||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 7.1 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | |||||
| CVE-2007-2125 | 1 Oracle | 1 Collaboration Suite | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. | |||||
| CVE-2007-2126 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). | |||||
| CVE-2007-2128 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08. | |||||
| CVE-2007-2129 | 1 Oracle | 1 Enterprise Manager | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. | |||||
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2018-10-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | |||||
| CVE-2007-2131 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. | |||||
| CVE-2007-2081 | 1 Myblog | 1 Myblog | 2018-10-16 | 7.5 HIGH | N/A |
| MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. | |||||
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | |||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2018-10-16 | 7.8 HIGH | N/A |
| lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. | |||||
| CVE-2007-1871 | 1 Chcounter | 1 Chcounter | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/. | |||||
| CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. | |||||
| CVE-2007-1873 | 1 Mephisto | 1 Mephisto | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script. | |||||
| CVE-2007-1876 | 2 Microsoft, Vmware | 3 Windows 2003 Server, Windows Xp, Workstation | 2018-10-16 | 7.2 HIGH | N/A |
| VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | |||||
| CVE-2007-1877 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. | |||||
| CVE-2007-1878 | 1 Parakey Inc. | 1 Firebug | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name. | |||||
| CVE-2007-1891 | 1 Akamai Technologies | 1 Download Manager | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. | |||||
| CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | |||||
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | |||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2018-10-16 | 5.8 MEDIUM | N/A |
| formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | |||||
| CVE-2007-1914 | 1 Sap | 1 Rfc Library | 2018-10-16 | 7.8 HIGH | N/A |
| The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2007-1901 | 1 Sonicbb | 1 Sonicbb | 2018-10-16 | 4.3 MEDIUM | N/A |
| SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. | |||||
| CVE-2007-1902 | 1 Sonicbb | 1 Sonicbb | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. | |||||
| CVE-2007-1903 | 1 Sonicbb | 1 Sonicbb | 2018-10-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. | |||||
| CVE-2007-1906 | 2 Ecardmax.com, Mybb | 2 Hot Editor, Mybb Hot Editor Plugin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter. | |||||
| CVE-2007-1924 | 1 Phpcontact | 1 Phpcontact | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use. | |||||
| CVE-2007-1919 | 1 Arizona-dream | 1 Livre D Or Livor | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 9.3 HIGH | N/A |
| LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | |||||
| CVE-2007-1923 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2018-10-16 | 7.5 HIGH | N/A |
| (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. | |||||
| CVE-2007-1926 | 1 Jbmc Software | 1 Directadmin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. | |||||
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | |||||
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. | |||||
| CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | |||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. | |||||
| CVE-2007-1943 | 1 Acd Systems | 1 Acdsee Photo Manager | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp. | |||||
| CVE-2007-1987 | 1 Phpecho Cms | 1 Phpecho Cms | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use. | |||||
| CVE-2007-1946 | 1 Microsoft | 1 Windows Xp | 2018-10-16 | 10.0 HIGH | N/A |
| Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. | |||||
